ssh-agent - Authentication key agent.
ssh-agent [-c] [-d debug_level] [-h] [k] [-s] [-t timeout] [-V] [command]
ssh-agent manages private keys used for authentication. It enables you to store private keys on a single computer and use these keys to authenticate ssh sessions securely anywhere on the network. Because passphrases are required only when you add keys to the agent, using the agent can simplify scripting that relies on ssh. By default, the connection to the agent can be forwarded, which means you can use the stored identities securely anywhere on the network. (Because agent forwarding creates an added security risk, you may want to disallow it. Use ForwardAgent on the client or AllowAgentForwarding on the server.)
To launch the agent in your current shell, use:
When you launch using eval, you need to terminate the process manually. You can use the PID or use -k as shown here:
To launch the agent in a subshell, use the command argument to specify your shell; for example:
When you launch the agent in a subshell, it terminates automatically when you log out of the shell.
To add keys to the agent, use ssh-add. For example, to start the agent in your current shell and load it with the keys in your identification file, use the following command sequence:
You are prompted for passphrases when keys are added to the agent. After you have loaded the keys, you can connect to servers that require any of the loaded keys without needing to enter a passphrase.
The agent sets two environment variables, SSH2_AUTH_SOCK and SSH_AGENT_PID. The agent creates a UNIX domain socket, and the name of this socket is stored in the SSH2_AUTH_SOCK environment variable. The socket is made accessible only to the current user.
Options are available in both a single-character form (such as ‑o) and a descriptive equivalent (‑‑option). Single characters are shown here. To view the descriptive equivalents, use the ‑h command line option.
Forces the shell to be csh. By default ssh-agent uses the SHELL environment variable to determine which shell to invoke. This option overrides the default behavior.
Sets the debug level. Increasing the value increases the amount of information displayed. Use 1, 2, 3, or 99. (Values 4-98 are accepted, but are equivalent to 3.)
Displays a brief summary of command options.
Kills the current agent (given by the SSH_AGENT_PID environment variable).
Forces the shell to be sh. By default ssh-agent uses the SHELL environment variable to determine which shell to invoke. This option overrides the default behavior.
Sets a default timeout for any key added to the agent. Keys are deleted after the specified timeout. By default keys have no timeout limit, which is equivalent to setting a timeout value of zero(0). (You can also specify timeouts when you add keys by using the ssh-add -t option, which overrides this setting.)
By default, the timeout value is set in minutes. You can specify other units using this syntax:
Where unit can be: s (seconds), m (minutes), h (hours), d (days), or w (weeks). (Upper or lower case units are both accepted with the same meaning.) For example:
3600s = 3600 seconds (1 hour)
2w = 2 weeks
2d4h = 2 days and 4 hours
Displays product name and version information and exits. If other options are specified on the command line, they are ignored.
Copyright (C) 2010 Attachmate Corporation
ssh(1), ssh2_config(5), ssh-keygen(1), scp(1), sftp(1), ssh-add(1), sshd(8), sshd2_config(5), ssh-certview(1),ssh-certtool(1), pkid(8), pki_config(5), pki_mapfile(5), pki-val(1)
Additional Reflection for Secure IT documentation is available online from the Attachmate documentation web page:
And from the technical note library: